Re: [Panic] 2.6.8 and ingress scheduling

From: Patrick McHardy
Date: Sun Aug 15 2004 - 11:13:13 EST

Next message: Sindi Keesan: "mdacon and scroll buffer"
Previous message: George Georgalis: "Re: kernel-2.6.8.1 EIP is at velocity_netdev_event+0x16/0x50"
In reply to: lkml: "Re: [Panic] 2.6.8 and ingress scheduling"
Next in thread: David S. Miller: "Re: [Panic] 2.6.8 and ingress scheduling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

lkml@xxxxxxxxxxxxxxxx wrote:

hello again,

the last line (filter add) in the "wondershaper" script does sth. to the
kernel, that lets it panic on receiving network packets.

actually, the last _two_ commands set up the kernel for panic. please
see attached script; running should produce this console message:

Fixed by this patch. qdisc_data was only aligned correctly in qdisc_create_dflt(),
not qdisc_create() which resulted in memory corruption.

Regards
Patrick
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/08/15 18:08:13+02:00 kaber@xxxxxxxxxxxx
# [PKT_SCHED]: cacheline-align qdisc data in qdisc_create()
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# net/sched/sch_api.c
# 2004/08/15 18:04:27+02:00 kaber@xxxxxxxxxxxx +13 -8
# [PKT_SCHED]: cacheline-align qdisc data in qdisc_create()
#
diff -Nru a/net/sched/sch_api.c b/net/sched/sch_api.c
--- a/net/sched/sch_api.c 2004-08-15 18:09:36 +02:00
+++ b/net/sched/sch_api.c 2004-08-15 18:09:36 +02:00
@@ -389,7 +389,8 @@
{
int err;
struct rtattr *kind = tca[TCA_KIND-1];
- struct Qdisc *sch = NULL;
+ void *p = NULL;
+ struct Qdisc *sch;
struct Qdisc_ops *ops;
int size;

@@ -407,12 +408,18 @@
if (ops == NULL)
goto err_out;

- size = sizeof(*sch) + ops->priv_size;
+ /* ensure that the Qdisc and the private data are 32-byte aligned */
+ size = ((sizeof(*sch) + QDISC_ALIGN_CONST) & ~QDISC_ALIGN_CONST);
+ size += ops->priv_size + QDISC_ALIGN_CONST;

- sch = kmalloc(size, GFP_KERNEL);
+ p = kmalloc(size, GFP_KERNEL);
err = -ENOBUFS;
- if (!sch)
+ if (!p)
goto err_out;
+ memset(p, 0, size);
+ sch = (struct Qdisc *)(((unsigned long)p + QDISC_ALIGN_CONST)
+ & ~QDISC_ALIGN_CONST);
+ sch->padded = (char *)sch - (char *)p;

/* Grrr... Resolve race condition with module unload */

@@ -420,8 +427,6 @@
if (ops != qdisc_lookup_ops(kind))
goto err_out;

- memset(sch, 0, size);
-
INIT_LIST_HEAD(&sch->list);
skb_queue_head_init(&sch->q);

@@ -470,8 +475,8 @@

err_out:
*errp = err;
- if (sch)
- kfree(sch);
+ if (p)
+ kfree(p);
return NULL;
}

Next message: Sindi Keesan: "mdacon and scroll buffer"
Previous message: George Georgalis: "Re: kernel-2.6.8.1 EIP is at velocity_netdev_event+0x16/0x50"
In reply to: lkml: "Re: [Panic] 2.6.8 and ingress scheduling"
Next in thread: David S. Miller: "Re: [Panic] 2.6.8 and ingress scheduling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]